New Trojan Named ‘LuckyCat’ Hits Mac OS X, Spreads Through Microsoft Word Documents


Only a couple of days back, Apple released its own Flashback Removal Tool for OS X, making the world’s most advanced operating system fully secure again and today, a new Java based trojan has been discovered by Kaspersky Labs expert Costin Raiu. The expert explains in a blog post that the trojan, which is known as “LuckyCat”, takes advantage of an exploit in Microsoft Word that allows malware to be spread via documents which take advantage of the CVE-2009-0563 vulnerability (via TUAW).

According to the Kaspersky expert:

One of the biggest mysteries is the infection vector of these attacks. Given the highly targeted nature of the attack, there are very few traces. Nevertheless, we found an important detail which is the missing link: Six Microsoft Word documents, which we detect as Exploit.MSWord.CVE-2009-0563.a. In total we have six relevant Word .docs with this verdict — with four dropping the MaControl bot. The remaining two drop SabPub.

The most interesting thing here is the history of the second SabPub variant. In our virus collection, it is named “8958.doc”. This suggests it was extracted from a Word document or was distributed as a Doc-file.

There are no detection or removal tools for LuckyCat OS X trojan yet but it shouldn’t be long before Microsoft patches the vulnerability in an update for Office for Mac.


  • kennymatic

    So it begins…

  • Canuckdaneh

    Which version of Office is vulnerable? I read on apple insider that it’s 2004 and 2008, does anybody here know?

  • BrodieTheDog

    Kind of funny that this bug proliferates useing a MucroSoft Product.

  • excaliburca

    The days of people bragging their Macs are virus and spyware proof are over.

  • Jbohn

    No info here on what specifically to watch out for? Not very helpful…

  • Laserheart

    I’ve heard this vulnerability was patched years ago.  The new trojan just takes advantage of those people that haven’t updated their MS Word version since 2009.  What’s the real story here?